SERVER-45038 Add privilege actions for getDefaultRWConcern and setDefaultRWConcern commands

author: Jack Mulrow <jack.mulrow@mongodb.com> 2020-01-09 17:51:42 +0000
committer: evergreen <evergreen@mongodb.com> 2020-01-09 17:51:42 +0000
commit: 239faf80a16019dd5f5a84df0c858ce8937a9a91 (patch)
tree: a585d70e5a2f0f6f90208a8396baf4658d22abb0 /src/mongo/db/commands/rwc_defaults_commands.cpp
parent: f68734daa5e03a737bfea6703be9870769b0dbaf (diff)
download: mongo-239faf80a16019dd5f5a84df0c858ce8937a9a91.tar.gz
1 files changed, 13 insertions, 4 deletions
diff --git a/src/mongo/db/commands/rwc_defaults_commands.cpp b/src/mongo/db/commands/rwc_defaults_commands.cpp
index 0253c2dc31a..848ee832504 100644
--- a/src/mongo/db/commands/rwc_defaults_commands.cpp
+++ b/src/mongo/db/commands/rwc_defaults_commands.cpp
@@ -31,6 +31,7 @@
 
 #include "mongo/platform/basic.h"
 
+#include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/commands/rwc_defaults_commands_gen.h"
 #include "mongo/db/dbdirectclient.h"
@@ -125,8 +126,12 @@ public:
             return true;
         }
 
-        void doCheckAuthorization(OperationContext*) const override {
-            // TODO SERVER-45038: add and use privilege action
+        void doCheckAuthorization(OperationContext* opCtx) const override {
+            uassert(ErrorCodes::Unauthorized,
+                    "Unauthorized",
+                    AuthorizationSession::get(opCtx->getClient())
+                        ->isAuthorizedForPrivilege(Privilege{ResourcePattern::forClusterResource(),
+                                                             ActionType::setDefaultRWConcern}));
         }
 
         NamespaceString ns() const override {
@@ -172,8 +177,12 @@ public:
             return false;
         }
 
-        void doCheckAuthorization(OperationContext*) const override {
-            // TODO SERVER-45038: add and use privilege action
+        void doCheckAuthorization(OperationContext* opCtx) const override {
+            uassert(ErrorCodes::Unauthorized,
+                    "Unauthorized",
+                    AuthorizationSession::get(opCtx->getClient())
+                        ->isAuthorizedForPrivilege(Privilege{ResourcePattern::forClusterResource(),
+                                                             ActionType::getDefaultRWConcern}));
         }
 
         NamespaceString ns() const override {
author	Jack Mulrow <jack.mulrow@mongodb.com>	2020-01-09 17:51:42 +0000
committer	evergreen <evergreen@mongodb.com>	2020-01-09 17:51:42 +0000
commit	239faf80a16019dd5f5a84df0c858ce8937a9a91 (patch)
tree	a585d70e5a2f0f6f90208a8396baf4658d22abb0 /src/mongo/db/commands/rwc_defaults_commands.cpp
parent	f68734daa5e03a737bfea6703be9870769b0dbaf (diff)
download	mongo-239faf80a16019dd5f5a84df0c858ce8937a9a91.tar.gz